Life of Saputrahttps://saputra.org
Appropriate in its timeThu, 01 Nov 2018 01:42:58 +0000en-NZhourly1https://wordpress.org/?v=4.9.8Create a new Mac Administrator account using Single User Modehttps://saputra.org/create-a-new-mac-administrator-account-using-single-user-mode/
https://saputra.org/create-a-new-mac-administrator-account-using-single-user-mode/#respondThu, 01 Nov 2018 01:42:03 +0000https://saputra.org/?p=257If you ever need to recreate admin account on your Mac, this is the quickest and safest way to do it without breaking your Mac: Boot into Single User Mode by pressing ⌘ + S before you hear the Apple chime. Mount the drive by typing /sbin/mount –uw / then ↩ enter. Remove the Apple … Continue reading "Create a new Mac Administrator account using Single User Mode"

This will force macOS to redo the initial first account creation, and doing so will not affect the current user profiles (they will remain intact) – so, if you prefer to make them as admin later, you can do that as well by logging in using the newly created admin account, then go to System Preferences, then Users & Groups, select the existing user, and tick “Allow user to administer this computer.”

rhgb is the red hat graphical boot – This is a GUI mode booting screen with most of the information hidden while the user sees a rotating activity icon spining and brief information as to what the computer is doing.

quiet hides the majority of boot messages before rhgb starts. These are supposed to make the common user more comfortable. They get alarmed about seeing the kernel and initialising messages, so they hide them for their comfort.

I personally prefer a faster bootloader wait time, hence I lowered my GRUB_TIMEOUT from 5 seconds to 1 seconds.

This is my /etc/default/grub output after I removed both rhgb and quiet option:

]]>https://saputra.org/disable-redhat-graphical-boot-centos-grub/feed/0Clone from Larger HDD to Smaller SSDhttps://saputra.org/clone-from-larger-hdd-to-smaller-ssd/
https://saputra.org/clone-from-larger-hdd-to-smaller-ssd/#respondThu, 04 Oct 2018 02:20:34 +0000https://saputra.org/?p=233In this post we will learn how to clone Windows from Larger Disk to Smaller Disk, in most cases we do this when we want to do HDD to SSD Upgrade, the hard disk drive usually has a larger size than our solid-state drive. We need to make sure that our C drive will fit … Continue reading "Clone from Larger HDD to Smaller SSD"

]]>In this post we will learn how to clone Windows from Larger Disk to Smaller Disk, in most cases we do this when we want to do HDD to SSD Upgrade, the hard disk drive usually has a larger size than our solid-state drive.

The software requires a license, but don’t worry, a valid free license code will be mailed to your email after you enter your email address. Click here to obtain that free license (you can also use some temporary mail to get the license)

Now install the software and open it, activate the software by entering the key you received in your email.

Click on Clone and then select System Redeploy like shown in the picture below:

Choose the Destination and it should be your SSD. The source is your system drive containing Windows files and boot images, etc. Please refer to the picture below:

Now click the Redeploy button and select Yes as shown in the picture above.

The software will then start the process and will complete the data transfer depending on your source disk size. Your partition will be automatically adjusted to fit with your new destination drive.

Physically swap the old drive with the new drive. You can uninstall the software if you prefer not to keep it.

I hope this works for you. Let me know if you have any question by commenting down below. Cheers!

]]>https://saputra.org/disable-boot-splash-screen-on-ubuntu-linux-grub/feed/0MikroTik Fasttrack with IPsechttps://saputra.org/mikrotik-fasttrack-with-ipsec/
https://saputra.org/mikrotik-fasttrack-with-ipsec/#respondThu, 06 Sep 2018 03:01:32 +0000https://saputra.ch/?p=220Fasttrack is a new feature introduced in RouterOS v6.29 that allows you to forward packages in a way that they are not handled by the Linux Kernel which greatly improves the throughput of your router as well as lowering the CPU load. Fasttrack allows all packages that have the state Established or Related to bypass … Continue reading "MikroTik Fasttrack with IPsec"

]]>Fasttrack is a new feature introduced in RouterOS v6.29 that allows you to forward packages in a way that they are not handled by the Linux Kernel which greatly improves the throughput of your router as well as lowering the CPU load.

Fasttrack allows all packages that have the state Established or Related to bypass the Kernel and be directly forwarded to the target. So, once a connection is marked as established or related, it won’t go through any firewalling or processing and will directly forwarded to the target. Of course – a connection gains the state of established or related once it went through the firewall so it will still be secure.

But there’s a known issue that Fasttrack will not work with IPsec connections, it will result in a rather wonky experience or very unstable IPsec connection. So if you have IPsec connections in your MikroTik but want to take the advantages of Fasttrack, here’s the resolution for you!

]]>https://saputra.org/mikrotik-fasttrack-with-ipsec/feed/0MikroTik Site-to-Site IPsec Tunnelhttps://saputra.org/mikrotik-site-to-site-ipsec-tunnel/
https://saputra.org/mikrotik-site-to-site-ipsec-tunnel/#respondMon, 03 Sep 2018 04:22:53 +0000https://saputra.ch/?p=212Easy Guide on how to setup MikroTik Site-to-Site IPsec Tunnel If one of MikroTik’s WAN IP address is dynamic, set up that router as the initiator (i.e. dial-out) If you are working from WAN, don’t forget to enable Safe Mode. Let’s go to Winbox -> IP -> IPsec -> Proposals, and this is the IPsec … Continue reading "MikroTik Site-to-Site IPsec Tunnel"

If one of MikroTik’s WAN IP address is dynamic, set up that router as the initiator (i.e. dial-out)

If you are working from WAN, don’t forget to enable Safe Mode.

Let’s go to Winbox-> IP -> IPsec -> Proposals, and this is the IPsec proposal I usually use:

It compatible with DrayTek Routers as well, see the picture below:

IPsec Policy

Let’s go to IP -> IPsec -> on Policies, click on + and on the Action tab, fill in the following:

<tick> Tunnel if it’s not ticked.

SA Src. Address: <WAN IP Address of this MikroTik> (this can be blanked, if this MikroTik has dynamic WAN IP address)
SA Dst. Address: <WAN IP Address of the other MikroTik>
Proposal: Select the proposal we created before (i.e. proposal-younameit)

IPsec Peers

Now let’s go to peers tab to setup the other phase:

If the initiator has dynamic WAN IP, set Generate Policy = port strict on the responder side. Port strict will generate policies and use ports from peer’s proposal, which should match peer’s policy. This is also useful when remote peer’s IP address is unknown at the configuration time, basically allowing the peer to establish SA for non-existing policies.

Setup the same (just reverse the SRC/DST) on the other side of tunnel, if your tunnel works, you will see on IPsec -> Installed SAs.

Last but not least, we need to setup a Firewall NAT rule that allows LAN IP in our MikroTik goes through the tunnel:

On the Action tab, set Action: accept.

Click Apply then OK and put this rule above the masquerade srcnat rule.

I hope this guide works for you, but if you have any question or comment please don’t hesitate to write down below, and I would happy to respond.

]]>https://saputra.org/mikrotik-site-to-site-ipsec-tunnel/feed/0How to upgrade or migrate Active Directory serverhttps://saputra.org/upgrade-or-migrate-active-directory-server/
https://saputra.org/upgrade-or-migrate-active-directory-server/#respondTue, 21 Aug 2018 01:58:47 +0000https://saputra.ch/?p=204A quick walkthrough on how to upgrade or migrate an Active Directory Server. In this guide, the old server is Windows Server 2008 R2 Standard, and the new server is Windows Server 2016 Essentials. This guide should work on other Windows Server version as the concept would be pretty much the same. Firstly, we would … Continue reading "How to upgrade or migrate Active Directory server"

Load snap-in Active Directory Schema
It will then connect to the old AD server first
Right click ‘Connect to Schema Operations Master’ and select the new server
Then select Operations Master and change the role with the new server:

Demoting old server

Obviously, go to the old server;
Use dcpromo.exe, it will say AD is a Global Catalog server;
Go to Active Directory Users and Computers (this can be done from either new server or old server);
Expand the domain and select Domain Controllers;
Select the old server and click on NTDS Settings;
Untick Global Catalog;

And now we should be able to demote the old server.

If you have any questions or comments, please write down below and I would happy to answer

]]>https://saputra.org/upgrade-or-migrate-active-directory-server/feed/0Setup MikroTik as L2TP/IPSec VPN Serverhttps://saputra.org/setup-mikrotik-as-l2tp-ipsec-vpn-server/
https://saputra.org/setup-mikrotik-as-l2tp-ipsec-vpn-server/#respondTue, 22 May 2018 07:48:29 +0000https://saputra.ch/?p=197This is a brief guide on how to implement an L2TP/IPSec VPN server on Mikrotik RouterOS and use it as a gateway. Change these to fit your setup: This router’s local IP address: 172.31.1.1/20 WAN connection is PPPoE with the name ether1-GTW. If you use PPPoE, use the name of your PPPoE connection. If you … Continue reading "Setup MikroTik as L2TP/IPSec VPN Server"

]]>This is a brief guide on how to implement an L2TP/IPSec VPN server on Mikrotik RouterOS and use it as a gateway.

Change these to fit your setup:

This router’s local IP address: 172.31.1.1/20

WAN connection is PPPoE with the name ether1-GTW.
If you use PPPoE, use the name of your PPPoE connection. If you use static configuration or DHCP client as WAN, use the name of that interface.

Pool name for VPN clients is vpn-pool and gives addresses 172.31.2.1-172.31.2.9

VPN profile: vpn-profile

VPN username: remoteuser

VPN password: yourpassword

L2TP secret: yourl2tpsecret

Remember that it’s always a good practice to use a strong password and secret.

Let’s create a pool of addresses that VPN clients will get once connected:

/ip pool add name=vpn-pool ranges=172.31.2.1-172.31.2.9

Then create a VPN profile that will determine the IP addresses of the router, VPN clients, and DNS server. You can set it to be outside of the local subnet, but make sure that your firewall allows the connection: